[Python]: Add Server-side Request Forgery sinks · Issue #545 · github/securitylab · GitHub

Closed
@haby0

Description

Query PR

github/codeql#8275

Language

Python

CVE(s) ID list

Other: https://lgtm.com/query/5777911924609612713/

CWE

CWE-918: Server-Side Request Forgery (SSRF)

Report

1. What is the vulnerability?
Add some sinks in the CodeQL-Python SSRF model. Modeled Python libraries are: Aiohttp, Httpx, Libtaxii, Urllib, Urllib2, Urllib3.

2. How does the vulnerability work?
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

3. What strategy do you use in your query to find the vulnerability?
Added some sinks to the CodeQL-Python CWE-918 model.

4. How have you reduced the number of false positives?
Sanitizer has not been modeled yet.

5. Other information?
None.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

No response
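As an added illustration of the sink class this submission models (not code from the issue or from the CodeQL PR), the snippet below shows a `urllib.request.urlopen` call fed directly by a user-supplied URL, beside a hardened version that applies the kind of sanitizer the report says is not yet modelled. `ALLOWED_HOSTS`, the function names and the host names are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit
from urllib.request import urlopen  # one of the modelled sink libraries (urllib)

# Constructed allowlist for this example: the only upstream hosts the
# service is meant to contact. Hypothetical names, not from the issue.
ALLOWED_HOSTS = {"api.example.internal", "cdn.example.com"}


def vulnerable_fetch(user_url: str) -> bytes:
    """The pattern the CodeQL sink models flag: an attacker-influenced URL
    flows straight into urlopen, so the request can be steered to any
    destination, including internal services the server was never meant
    to reach."""
    with urlopen(user_url) as resp:  # SSRF sink: no validation of user_url
        return resp.read()


def is_allowed_url(user_url: str) -> bool:
    """URL-level sanitizer: accept only http(s) URLs whose host is on the
    allowlist, with no embedded credentials and no literal IP address."""
    try:
        parts = urlsplit(user_url)
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False            # rejects file://, ftp://, gopher:// and friends
    if parts.username is not None or parts.password is not None:
        return False            # rejects http://allowed-host@other-host/ confusion
    host = parts.hostname       # already lower-cased, brackets stripped
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False            # literal IPs (loopback, link-local, ...) rejected
    except ValueError:
        pass
    return host in ALLOWED_HOSTS


def hardened_fetch(user_url: str, opener=urlopen) -> bytes:
    """Same sink as vulnerable_fetch, but the URL must pass the allowlist
    first; `opener` is injectable so the check can be exercised offline."""
    if not is_allowed_url(user_url):
        raise ValueError(f"refusing to fetch untrusted destination: {user_url!r}")
    with opener(user_url) as resp:
        return resp.read()
```

This check validates only the URL string; redirects followed by `urlopen` and DNS answers that change after validation are separate concerns a full sanitizer model would also need to cover.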

Metadata

Assignees: No one assigned

Labels: All For One (Submissions to the All for One, One for All bounty)